Debian Weekly News - June 22nd, 1999

Welcome to Debian Weekly News, a newsletter for the Debian developer
community. This is a special two week combined issue since I was unable to
publish last week. I am now looking for a
substitute editor.

In the wake of the logo vote, a few developers have
surfaced who didn't hear about the vote until the results were announced
and are understandably upset about not getting a chance to vote. This
perhaps points to a larger problem: though all developers are supposed to
subscribe to debian-devel-announce, not all do. So there is no way to
ensure every developer sees an announcement. One fix that's been
discussed is auto-subscribing all developers to debian-devel-announce.
Debian Weekly News encourages anyone who wants to make sure they don't miss
this type of thing in the future to at least read DWN regularly.

Wichert Akkerman has proposed splitting non-free and contrib out to a new
server, nonfree.debian.org. The impetus for this is to emphasize
that they are not part of Debian, since "the distinction isn't as visible
as it used to be; advances in searching in the distribution and tools like
apt make it very hard to see when something is in main and when not".
The proposal will come up for a vote soon and is generating lots of
discussion.

The issue of signing debs has come up again. Interestingly, Wichert
Akkerman
says that "we will support multiple verification methods within a year"
(presumably this is related to the dpkg v2 project). Manoj Srivastava posted a
good
overview of the security issues related to signing packages and some
workarounds.

Speaking of security, a new version of man-db that fixes a symlink
attack has been
released.

Dale Scheetz posted to debian-private (reposted here with
his permission) about the problems with Official Debian CD's. "Having an
Official CD has not stopped the delivery of broken CDs, and it doesn't protect
the vendor either." To help rectify this, he proposes sending CD's to
testers before publicly releasing them, and also setting up a process that
will let CD vendors put patches and other changes on the CD's and still call
them "Official".

Joost Witteveen, author of the menu package, has released
version 2.0 of that package, which incorporates a neat new concept:
hints. Read his post for details, but this should allow menu to optimize
the menu hierarchy it generates so there are no over-full or under-full menus.

The APT team has released a
new
version of APT. The most interesting new feature is support for
downloading the sources of packages. With a "--compile" switch, apt can
even launch a build of the package!

Both Ian Jackson and James Troup will be speaking at the
Linux '99
Conference in the UK. It's on the 25th and 26th.

The Philadelphia Debian GNU/Linux User's Groupmet on
the 16th. The meeting topic was "An Overview of Debian Policy"
(DWN apologizes for not publicizing this in time for the meeting.)

About $7000 was donated to Debian by LinuxCare and VA at the Debian
benefit. There were also a few posters given out by LinuxCare that are
similar to a certain other infamous poster.

On debian-policy there was a
discussionabout the undocumented.7 man page and whether it's
really useful at all. Some feel that "The undocumented(7) link is not only
useless, but actively annoying."

A few tidbits from the Debian JP project. Debian JP is doing a
survey of use of their packages, results
here. It seems that
their announcement of plans to merge with Debian backfired a little bit with
people thinking the project had quit. In fact their work on Japanese
localized packages continues.

Server news:

John Goerzen has
set
up a wanna-build database and an autobuilder for the Debian Alpha
port.